The Montepaschi Group attaches utmost importance to the process of identifying, monitoring, measuring and controlling risk.
The Risk Management process of the Group has been further enhanced over the last few years. This was made possible particularly as a result of the gradual extension of the advanced models for risk management and reporting purposes to the various entities of the Montepaschi Group.
The fundamental principles of the Montepaschi Group’s Risk Management Process are based on a clear-cut distinction of roles and responsibilities into functions of first, second and third level of control.
The Board of Directors of the Parent company is responsible for:
- defining strategic guidelines and risk management policies at least on a yearly basis;
- setting the overall level of risk appetite for the Group also quantitatively in terms of Economic Capital.
The Board of Statutory Auditors and the Internal Controls Committee e Risk are responsible for:
- evaluating the level of efficiency and adequacy of the Internal Controls systems with particular regard to risk control.
Top Management is responsible for ensuring compliance with risk policies and procedures. The Risk Committee of the Parent Company:
- establishes Risk Management policies;
- ensures overall compliance with the limits defined for the various operating levels;
- proposes the allocation of capital for submission to the Board of Directors for approval; assesses initiatives for capital allocation at Group level and for each strategic business area and/or company of the Group and submits them to the Board of Directors;
- assesses the risk profile reached both at Group level and by individual Group companies and therefore assesses (Regulatory and Economic) capital consumption as well as the trends of risk/return performance indicators.
The Finance and Liquidity Committee of the Parent Company has the task of:
- setting the principles of - and providing strategic guidance for- Proprietary Finance;
- monitoring the interest rate and liquidity risk exposure of the Bank’s portfolio;
- defining Capital Management actions required.
As part of the ‘Internal Controls’ Area, third-level controls are carried out by the Internal Audit Area, second-level controls by the Risk Management Division and first-level controls by the BCU.
The Internal Controls Area of the Parent Company is responsible for defining the rules pertaining to the internal controls system and ensuring they are applied and complied with.
Within the framework of the Bank's overall organisational and governance restructuring, in 2012 the Risk Management division was set up and made to report directly to the Chief Executive Officer. In the new organisational setup, the Risk Management Area is allocated to the Risk Management Division. In alignment with regulatory provisions and international best practices, this setup is aimed at guaranteeing greater autonomy and forcefulness to risk management actions and to the effectiveness of the entire risk management and control process.
The Risk Management Division is responsible for:
- guaranteeing the operation of the risk management system, assessing capital adequacy and defining risk appetite together with the CFO Division;
- setting out the strategic guidelines for the loan book e ensuring risk reporting to the Group's Top Management and governance bodies.
Within the Risk Management Division, the Risk Management Area of the Parent Company:
- defines integrated analysis methodologies needed to measure overall risks so as to guarantee they are accurately measured and constantly monitored;
- quantifies Economic Capital consumption as well as the minimum amount of capital to be held to cover all existing risks;
- produces control reports and ensures compliance with the operational limits set by the Board of Directors on the basis of internally-developed models;
- oversees criteria for verification of MiFID compliance for investment products and services offered to customers, as well as those for risk and performance measurement and monitoring of products and portfolios held by customers.
The Business Control Units, which are internal to the business and operating units of the Parent Company and Group subsidiaries, carry out conformity checks on the transactions they are responsible for and are the first level of organisational supervision of operations within the more general system of Internal Controls. The BCUs of the Parent Company’ Finance segment are also allocated to the Risk Management AreaIn accordance with the principles contained in the New Accord on Capital Adequacy (Basel 2) in relation to First Pillar risks, in the first half of 2008, the Montepaschi Group completed its work on the internal models for credit and operational risks. Pursuant to Circular Letter 263/2006 of the Bank of Italy, on 12 June 2008, with decree no. 647555, the Montepaschi Group was officially authorised to use the advanced models for the measurement and management of credit risk (AIRB – Advanced Internal Rating Based) and operational risk (AMA – Advanced Measurement Approach) as of the first consolidated report at 30/06/2008.
Subsequently, activities continued for completion and extension of these models to entities not included in the initial scope of validation.